Can passwords be replaced by the human body?


Cards International, April 2017 (www.cardsinternational.com)

As banking and payments become increasingly advanced, the security protecting them needs to be more advanced as well. An often-touted solution is biometric security, but can this ever truly replace the tried-and-tested password? Patrick Brusnahan reports from the Digital Banking Club’s latest debate in London

The first of the Digital Banking Club’s debates of 2017 honed in on the topic of biometric security. Hosted at the prestigious Law Society in London, the debate took the traditional form with two teams slugging it out over the motion: This house believes the password will never be replaced by your body.

Is the password past its prime?

Simon Cadbury, director of strategy and innovation at Intelligent Environments, opened the debate with admiration for the maligned password. He stated that while passwords were not perfect, they could be the best, with some improvements.

He said: “The password has become known and understood by everyone, but when the most common password is 123456, surely we can do better. We don’t need to replace passwords; we simply need better ones.

“However, authentication via body parts is complicated and expensive. Your body will never replace a password. Body parts do not provide a better counterpart. Body parts cannot be reset. Behavioural biometrics can’t help you if they don’t know you.”

Cadbury added: “Effective passwords rely on randomness – something that we just aren’t equipped to generate or remember. Creating and remembering one good password is a serious challenge, but most of us need 25. No wonder, then, that a third of people claim they forget a password at least once a week.

“Worse still, under Moore’s law, passwords are becoming easier to crack with every passing year. Yet, despite decades of user education, we aren’t making our passwords any stronger. The time seems ripe for biometrics to take over from passwords as the principal way we authenticate ourselves. But then again, we’ve been saying that for a very, very long time now.”

On the opposing side, Daryl Wilkinson, MD of DWC and former head of innovation at Nationwide, argued that the password was an outdated piece of kit.

“Biometrics not replacing passwords sounds like cars not replacing the horse and cart,” Wilkinson explained.

“Passwords are over 50 years old. Even the originator of the password considers them to be a nightmare. Research from Equifax showed that people shopping online actually preferred to use biometrics.”

Are biometrics enough?

Ian Bradbury, CTIO financial services at Fujitsu, claimed he had no problem with biometric solutions, but there were flaws that limited their usefulness.

He said: “I’m not here to say biometrics do not have a part to play. My point is that it is not infallible.

“Biometrics can only ever be one factor. If biometrics don’t work, what’s the backup? It will be a password or a PIN. If someone breaches my fingerprint, I can’t grow another finger,” Bradbury pointed out.

“In addition, from an inclusion perspective, not all of us can use biometrics. There are people who are not comfortable using biometrics. That’s not going to change.”

Paul Trueman, SVP, global enterprise risk and security at MasterCard, started by claiming that all passwords are probably written down somewhere, whether we like it or not. This, in turn, needs to change.

“We’re changing our password model, because we have to. Passwords are not a horse; at best, they are a lame donkey,” Trueman quipped.

“Now that everything is connected through the internet of things, there’s a lot more to steal and passwords are not acceptable. There are a number of good and proven solutions out there that are developing. Passwords are just a lock on the door with its key in sight.

“51% of passwords used today are forgotten within a week. People probably have somewhere between 70 and 80 various accounts. If you only have a couple of different passwords, those are now everywhere. The reason passwords survived so long was because they were cheap and easy to implement.”

Trueman added: “There’s a need for intelligent friction. There is no one solution, no one perfect lock on the door. You need backups, but the backups do not need to be a password. It’s down the list, but there are many options and that’s what multilayer is all about.

“More will change in the next five years than in the past 50. You can’t put on noise-cancelling headphones and turn off the world.”

Are biometrics reliable?

Enza Iannopollo, security and risk analyst at Forrester, stated: “Banks would prefer any other magic tool than something like facial recognition in terms of replacing passwords.

“Passwords are very easy to integrate and are straightforward, whereas body parts have false positives and negatives. The future is not a place where body parts will replace passwords, but enhance them.”

However, Chris Gledhill, CEO and co-founder of Secco Aura, was much more positive about biometrics.

He said: “At some point between now and our bodies being replaced, passwords will be replaced. Biometrics can help people gain control on their finances and can greatly aid financial inclusion.”

As an example, he explained that customers who are unable to type or remember passwords could be able to use their voices to gain access to their finances.

While there are voice-replication programmes being launched, they cannot yet recreate dialects, and while in the short term there will be problems, as there are with all forms of biometrics, they will improve in the future.

“Behavioural biometrics are truly unique,” he continued. “There are fundamental problems with passwords, and there are problems with biometrics, but to say they will never replace passwords is impossible.”

Results of the debate

The motion under discussion was: This house believes the password will never be replaced by your body.

Prior to the debate the first of two polls was taken, with a resounding verdict against the motion. The audience voted 19% for the motion, with 81% against.

At the conclusion of the debate, the second vote resulted in a dramatic shift of opinion and a win on the day for the team of Simon Cadbury, Enza Iannopollo and Ian Bradbury. The audience voted 43% for the motion, with 57% against.


The panel

Douglas Blakey, group editor, consumer finance, Verdict and chair of The Digital Banking Club

Blakey is group editor, consumer finance at Verdict, chief of judges for the annual Retail Banker International Awards and lead market advisor for Timetric’s retail banking research division. This division produces and maintains more than 50 market-leading research reports and has undertaken bespoke consultancy projects for banks, vendors and their advisors.

Blakey practiced as a solicitor in Scotland before moving into business information and analysis. He maintains an editorial advisory board of leading bank executives and is a regular guest banking analyst with the BBC, NBC, New Statesman and other leading media.

FOR THE MOTION

Enza Iannopollo, security and risk analyst, Forrester

Iannopollo is an analyst on the security and risk team at Forrester. Her research focuses on the impact of internet regulations and data privacy issues on digital business models, as well as the technologies that underpin them. Her research coverage includes data protection, privacy in the context of cloud computing, analytics, and the internet of things.

Iannopollo also helps security and risk professionals to build and execute data and privacy protection strategies in line with the requirements of the business technology (BT) agenda. Prior to joining the security and risk team, Iannopollo was a researcher on the CIO team; before that, she was a research associate on the BT Futures team. She collaborated on a variety of research reports, covering cloud computing, analytics, smart cities, and connected business. She has also delivered webinars and presentations to clients.

Iannopollo earned a BA in political science and an MA in public policy, magna cum laude, from the University of Roma; she also earned an MSc with merit in regulation from the London School of Economics. Iannopollo recently completed an intensive course at the London School of Economics focusing on IPRs and the security and privacy of cyberspace. She speaks fluent Italian and English.

Ian Bradbury, CTO financial services, Fujitsu

Bradbury started his working life in the IT department of Friends Provident Life Office over 30 years ago, and has been involved in technology and financial services ever since. It has taken him around the world working with many different organisations, always focused on driving transformational change.

Throughout this time he says he has never seen such risk and potential for financial services organisations as there is today – through digital disruption – and he finds it to be the most exciting period of his career so far.

He is very passionate about technology, how it works and how it can be used to improve society and the lives of individuals. Bradbury is also a Fujitsu distinguished engineer.

Simon Cadbury, director of strategy and innovation, Intelligent Environments

Cadbury is a product marketer and strategist with 18 years’ experience working for a range of major international brands. Cadbury’s role is to work with Intelligent Environments’ investors to set and deliver the company’s mid- and long-term strategy, as well as taking overall responsibility for the product development and management of Interact, the company’s core product offering.

Simon joined in 2013 from Lloyds Banking Group where he was responsible for payment technology, and also sat on the CreditCard division’s leadership team. Prior to this he worked on the launch of a number of firsts in new technology – the Blackberry (BT Cellnet), BT Openzone (BT Retail), 3G Live! (Vodafone Australia) and Sky HD (BSkyB).

AGAINST THE MOTION

Chris Gledhill, CEO and co-founder, Secco Aura

Top global fintech influencer, technologist and visionary, Gledhill is on a mission to reinvent currency. Former lead of disruptive innovation labs at Lloyds Banking Group, he is now CEO and co-founder of Secco Aura, a company that monetises data and empowers the consumer. Gledhill regularly speaks and blogs about financial services and is considered a thought leader in fintech.

He is passionate about disruptive technologies such as digital currencies, blockchain, AI, biometrics and the internet of things, and how they can be applied to banking.

Daryl Wilkinson, MD, DWC

Following the launch of DWC, the Financial Conduct Authority invited Daryl to be its strategic advisor to the senior partner of fintech and regtech. His work has produced the first strategy of its kind for regtech innovation from any regulator worldwide, and a published commitment in the FCA’s 2016 business plan to enable more efficient and effective regulation and compliance. Wilkinson’s ongoing engagement with the FCA contributes to its objectives of promoting innovation, lowering barriers to entry and improving access to financial services.

Prior to DWC, Wilkinson was an executive at the Nationwide Building Society where he established and led its Group Innovation Lab. He created a new model of open and agile innovation for Nationwide while developing key partnerships with Silicon Valley and London fintechs, delivering pioneering innovation in customer experience, channel management, marketing and operations.

Wilkinson regularly speaks as an authority on digital technology and was the first private sector speaker to be invited to address the House of Commons Parliamentary Reception in 2015 when he spoke about industry forces reshaping UK financial services. He has featured in interviews for publications such as the Sunday Times, CIO magazine, Wired and FStech magazine.

Paul Trueman, SVP, global enterprise risk and security, MasterCard

Trueman is responsible for the advancement of global product solutions around safety and security for MasterCard. He works directly with technical teams on fraud solutions and authentication, as well as leadership and consumer experience.

In 2015 he led the development of the biometric narrative enabling the identity check brand Selfie Pay for global rollout. He is also working with partners on digital evolution, the internet of things and the use of artificial intelligence.

He joined MasterCard in 2011 as head of marketing UK & Ireland, successfully leading the launch of Priceless London. He has been consistently named in the list of the 100 most influential marketers 2012-2015. Prior to MasterCard, Trueman held senior positions in marketing, innovation and strategy development in global and regional roles in diverse sectors including electronics with LG Electronics, and FMCG with both Mars and Cadbury Schweppes.